Remote Code Execution Vulnerability in IBM WebSphere Automation
CVE-2024-54181

7.2HIGH

Key Information:

Vendor: IBM
Status: Websphere Automation
Vendor: CVE Published:; 30 December 2024

Summary

IBM WebSphere Automation version 1.7.5 presents a significant security risk that enables a remote privileged user, granted access to the swagger UI, to execute arbitrary code. By utilizing specially crafted input, an attacker can exploit this vulnerability to gain control of the system, leading to potential data breaches or further compromise. Organizations using this version are advised to implement appropriate security measures and monitor for suspicious activities.

Affected Version(s)

WebSphere Automation 1.7.5

References

https://www.ibm.com/support/pages/node/7179994

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Nov 30, 2024

Collectors

NVD DatabaseMitre Database